On Mon, 29 Jan 1996, Raph Levien wrote:
Most of the recent cypherpunks traffic from Vladimir has been a reiteration of the position that discussing ITAR is bad because it discourages cypherpunks from releasing good crypto software.
Vladimir made my kill file for good reason
Well, here's one cypherpunks who recently released some software, and futhermore did so making significant (some might say extreme) concessions to the ITAR rules. I made the software available only on an export-restricted Web server, and asked explicitly several times for it not to be exported. If my timezone math works out right, it took about half an hour for it to be available on utopia. The ITAR did _nothing_ to stop, or even slow down, the reease of my software.
the point is: YOU did exactly as required by ITAR. you had nothing to do with its export. the point the government is missing is the exact same point the Chinese government failed to understand with Tiannamen (?) square: the greater the power to communicate, the less government objectives of suppressing information are enforceable. once the Russians took the total clamp off the media it was all over --degeneration into anarchy, albeit, obviously somewhat less than idealistic or self-policed (non-utopian). I believe our goal is to provide tools for the protection of individual liberties (Bill of Rights, etc) in the face of both the governments increasing police state mentality and the enormous increase in technology enabling the state to abuse its power to retain control. maybe even look at our position as electronic counter-measures! I look at debating ITAR as futile --the powers that be never will give up power that maintains their power. Our task is to help render their supposed power ineffectual.
Why is it, then, that we still don't have usable strong crypto tools? I'd say the reason is complex, much more so than could be explained by a simple conspiracy theory or even too much discussion of ITAR. The main reason is that it is very damned hard to write good crypto-enabled applications. Trust me, I know. I have done the best I could with the software I released, but I'm still quite frustrated with its limitations, especially with respect to nontechnical users.
for Joe SixPack to demand crypto tools, they must be virtually automatic, including protecting the user from his own ignorance. for instance: it took me less than a few minutes to compile and install MixMaster. OK, I've been involved in this stuff for 30+ years, but MixMaster went together without a ripple faster than most. MM is a great product for unix, or text-based usage; write it in emacs and send it one --painless. why is MM usage not universal? 1) unawareness, 2) it takes a Windoz GUI product for Joe SixPack (please do an OS/2 version version first as I refuse to run Billy's toys (this is NOT a topic for discussion). You need the functions of MM built into all the real world's sexy mail programs; and maybe everyone would think think twice about filling dejanews.com with embarrassing files. meanwhile, while we wait for the ultimate GUI --how about hacking it into Pine?
Ultimately, to create really good crypto-enabled applications, it's going to take money. And there's where ITAR is most effective. If the powers that be disapprove of your software, then there goes your foreign market. There go your government sales. There go those "strategic alliances" with the other companies in the market, because the pressure can be applied transitively too. ITAR is actually only a small part of the process.
for example: IBM/Notes. any large company, or startup for that matter can not afford to risk the government market. guess that follows one of my basic rules: intimidation is just another form communication.
Still, free software has a lot of vitality left in it. It's still strong at blazing new trails in software design. Where it's weak (and this is what really counts now), is being usable, easy to learn, and easy to install. I think if we explicitly work towards these goals, there's hope for great free crypto-enabled applications. Hell, PGP came pretty close, and it's saddled with all kinds of lousy design decisions.
free software really is all that remains as a weapon against government intimidation. the net is virtually transparent: witness tcm's change in his "speedbump" sig. If we wish to scream about our freedoms, putting out _good_, free software is the opening bid, and each time the opposition raises the ante (cracks a cypher methodology), raise 'em one back.
But back to Vladimir: instead of whining at us about how our fear of the law is hurting the acievement of our goals, why don't _you_ write that killer crypto-app and distribute it to the world? Who's stopping you?
well, Vladimir --do you have it or do you not?
Raph
__________________________________________________________________________ go not unto usenet for advice, for the inhabitants thereof will say: yes, and no, and maybe, and I don't know, and fuck-off. _________________________________________________________________ attila__ To be a ruler of men, you need at least 12 inches.... There is no safety this side of the grave. Never was; never will be.